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1 This action is in response to the communication filed on 6/4/2009. 

2 DETAILED ACTION 

3 Response to Arguments 

4 Applicant's arguments filed 6/4/2009 have been fiiUy considered but are moot in view of 

5 the new grounds of rejection presented below. The newly claimed limitations have been 

6 addressed accordingly below. 

7 Regarding the applicant's request for an interview, if the applicant's representative feels 

8 an interview would fiirther the prosecution of the application, the applicant's representative is 

9 welcome to submit an interview request form via fax to the examiner's direct fax line at 571-273- 

10 3790 and to contact the examiner at 571-272-3790 to discuss a date and time for an interview. 

1 1 All objections and rejections not set forth below have been withdrawn. 

12 Claims 1-27, 29, 3 1-33, and 35-44 have been examined. 

1 3 Information Disclosure Statement 

14 The information disclosiire statement(s) (IDS) submitted on 6/4/2009 are in compliance 

1 5 with the provisions of 37 CFR 1 .97. Accordingly, the examiner is considering the information 

16 disclosure statements. 

1 7 Claim Rejections - 35 USC § 112 

1 8 The following is a quotation of the second paragraph of 35 U.S.C. 112: 

1 9 The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 

20 subject matter which the applicant regards as his invention. 

21 

22 Claims 45-47 are rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 

23 failing to particularly point out and distinctly claim the subject matter which applicant regards as 

24 the invention. 
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1 It is unclear from the claim language how "an event notification" can comprise both a 

2 logon event and one of a logout event, lock event, and unlock event, since an event notification 

3 would be a notification regarding an event, not a plurality of events. As such, the scope of the 

4 claims is not clear. Therefore, the claims are rejected under 35 USC 112 2nd Paragraph for 

5 failing to particularly point out and distinctly claim the subject matter which the applicant 

6 regards as the invention. 



7 Claim Rejections - 35 USC § 101 

8 35 U.S.C. 101 reads as follows: 

9 Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 

1 0 any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 

1 1 requirements of this title. 

12 

13 Claim(s) 1-4, 11-16 is/are rejected under 35 U.S.C. 101 as not falling within one of the 



14 four statutory categories of invention. While the claims recite a series of steps or acts to be 

15 performed, a statutory "process" under 35 U.S.C. 101 must (1) be tied to particular machine, or 

16 (2) transform underlying subject matter (such as an article or material) to a different state or 

17 thing. See page 10 of In Re Bilski 88 USPQ2d 1385. The instant claims are neither positively 

1 8 tied to a particular machine that accomplishes the claimed method steps nor transform 

1 9 underlying subject matter, and therefore do not qualify as a statutory process. The 

20 synchronization method including steps of enumerating and synchronizing credentials is broad 

2 1 enough that the claim could be completely performed mentally, verbally or without a machine 

22 nor is any fransformation apparent. For example, the claims could be completed by person. 
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1 Claim Rejections - 35 USC § 103 

2 The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 

3 obviousness rejections set forth in this Office action: 

4 A patent may not be obtained though the invention is not identically disclosed or 

5 described as set forth in section 102 of this title, if the differences between the subject matter 

6 sought to be patented and the prior art are such that the subject matter as a whole would have 

7 been obvious at the time the invention was made to a person having ordinary skill in the art to 

8 which said subject matter pertains. Patentability shall not be negatived by the manner in which 

9 the invention was made. 
10 

1 1 Claims 1-2, 4-18, 20-27, 29, 31-33, and 35-44 are rejected under 35 U.S.C. 103(a) as 



12 being unpatentable over Burch et al. (US Patent Application Publication 2005/0171872) 

1 3 hereinafter referred to as Burch, and further in view of Brovick et al. ("WINDOWS® 2000 

14 Active Directory™") hereinafter referred to as Brovick, and fiirther in view of Grambihler et al. 

1 5 (US Patent Number 6560655) hereinafter referred to as Grambihler. 

16 Regarding claim 1, Burch disclosed a method comprising: receiving an event notification 

17 (See Burch Paragraph 0043); and synchronizing the local credentials and remote credentials (See 

1 8 Burch Paragraph 0043-0044), but Burch failed to specifically disclose enumerating local 

1 9 credentials and remote credentials in response to the event notification, or wherein the event 

20 notification is at least one of the following: a logon event, a logout event, a lock event, and an 

21 unlock event. Burch did, however, disclose that the credential stores are directories (See Burch 

22 Paragraph 0022). 

23 Brovick teaches that Active Directory is a directory service, which provided replication 

24 of data between devices, as well as synchronization of the data between the devices in an Active 

25 Directory (See Brovick First Paragraph), and that in order to maintain synchronization between 
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1 each copy of the directory, each update to a directory is provided with a USN which is compared 

2 with USNs in other devices to determine which updates need to be repUcated (See Brovick 

3 "Keeping Track"). 

4 It would have been obvious to the ordinary person skilled in the art at the time of 

5 invention to employ the teachings of Brovick in the credential store system of Burch by utilizing 

6 Active Directory to provided the directory service and the synchronization between the 

7 credential stores. This would have been obvious because the ordinary person skilled in the art at 

8 the time of invention would have been motivated to provide quick and efficient directory 

9 services across the distributed credential store. 

1 0 Grambihler teaches that synchronization can be performed in response to logon and 

1 1 logoff events (Grambihler Summary of the Invention). 

1 2 It would have been obvious to the ordinary person skilled in the art at the time of 

13 invention to have employed the teachings of Grambihler in the system of Brovick by performing 

14 the sjoichronization in response to logon and logoff events. This would have been obvious 

1 5 because the ordinary person skilled in the art would have been motivated to provide increased 

1 6 flexibility to the scheduling of the credential synchronization. 

17 Regarding claim 17, Burch disclosed a method comprising: receiving an event 

1 8 notification (See Burch Paragraph 0043); and synchronizing the local credentials and remote 

19 credentials (See Burch Paragraph 0043-0044) and changing at least one of the local credentials in 

20 a first local credential cache (Burch Paragraphs 0043-0044), but Burch failed to specifically 

2 1 disclose enumerating local credentials and remote credentials in response to the event 
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1 notification. Burch did, however, disclose that the credential stores are directories (See Burch 

2 Paragraph 0022). 

3 Burch further failed to disclose a synchronization module which: sorts the local 

4 credentials and the remote credentials into a local credential array and a remote credential array 

5 respectively and linearly compares the local credential array and the remote credential array; and 

6 stores a state file for conflict resolution, the state file comprising: a file version; a flag, wherein 

7 the flag indicates whether the credential is user protected (but Burch did disclose that some 

8 credentials are user protected in Paragraph 0055); and a credential state, wherein the credential 

9 state comprises: last time synchronization module called; last time local store changed; and last 

10 time remote cache changed. 

1 1 Burch further failed to disclose that the change to the first local credential was removal 

12 from the cache, wherein the credential removed from the first local credential cache is identified 

13 and tagged by the synchronization module in a remote credential cache; and removing the tagged 

14 credential from a second local credential cache without rewriting the tagged credential to the 

15 remote credential cache. However, addition and deletion of credentials in a credential store was 

1 6 well known in the art at the time of invention, and would have been obvious to the ordinary 

17 person skilled in the art at the time of invention. This would have been obvious because the 

1 8 ordinary person skilled in the art would have been motivated to have allowed flexibility in the 

19 authorizations granted within the system by allowing authorizations to be granted and taken 

20 away. 
21 
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1 Brovick teaches that Active Directory is a directory service, which provided replication 

2 of data between devices, as well as synchronization of the data between the devices in an Active 

3 Directory (See Brovick First Paragraph), and that in order to maintain synchronization between 

4 each copy of the directory, each update to a directory is provided with a USN which is compared 

5 with USNs in other devices to determine which updates need to be replicated (See Brovick 

6 "Keeping Track"). Brovick further teaches keeping track of timestamps of when the local and 

7 remote (rephcated) data was updated (See Brovick "Conflict Resolution"), and when 

8 synchronization was last performed (See Brovick "Intra-Site Replication"). Brovick fiirther 

9 teaches that when a change in one local cache is made, the domain controller will mark the 

1 0 change in an up-to-date vector, and then replicate the change in other caches throughout the 

1 1 network without undoing the change (Brovick "Keeping Track"). 

12 Further, it was well known in the art at the time of invention to sort data into arrays for 

13 linear comparison in order to ease the complexity of the comparison, as well as to use flags to 

14 track Boolean properties. 

1 5 It would have been obvious to the ordinary person skilled in the art at the time of 

1 6 invention to employ the teachings of Brovick in the credential store system of Burch by utilizing 

17 Active Directory to provided the directory service and the synchronization between the 

1 8 credential stores. This would have been obvious because the ordinary person skilled in the art at 

1 9 the time of invention would have been motivated to provide quick and eflficient directory 

20 services across the distributed credential store. It fiirther would have been obvious to the 

2 1 ordinary person skilled in the art at the time of invention to have sorted the local and remote 

22 credentials into a local and remote credential array, and then linearly comparing the arrays to 
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1 determine conflicts which need to be resolved. This would have been obvious because ordinary 

2 person skilled in the art at the time of invention would have been motivated to ease the 

3 complexity of the comparison for determining conflicts between the servers. In this 

4 combination, the USN reads on the claimed version number. Further still, it would have been 

5 obvious to the ordinary person skilled in the art at the time of invention to have stored a flag for 

6 each entry in the credential store to track whether the entry was personal (user protected) or not. 

7 This would have been obvious because the ordinary person skilled in the art would have been 

8 motivated to utilize a well known method for tracking Boolean properties to track the Boolean 

9 property of personal entry or not. Even further still, it would have been obvious to the ordinary 

1 0 person skilled in the art at the time of invention to have employed the teachings of Brovick in the 

1 1 synchronization system by marking the deletion of a credential fi-om the cache, and propagating 

12 the change to the other caches in the network. This would have been obvious because the 

13 ordinary person skilled in the art would have been motivated to synchronize the caches. 

14 Burch fiirther failed to disclose that the event notification comprised a logon event. 

1 5 Grambihler teaches that synchronization can be performed in response to logon and 

16 logoff events (Grambihler Summary of the Invention). 

17 It would have been obvious to the ordinary person skilled in the art at the time of 

1 8 invention to have employed the teachings of Grambihler in the system of Brovick by performing 

19 the synchronization in response to logon and logoff events. This would have been obvious 

20 because the ordinary person skilled in the art would have been motivated to provide increased 

2 1 flexibility to the scheduling of the credential synchronization. 
22 
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1 Regarding claim 33, Burch disclosed a system comprising: an event handler to receive 

2 event notifications (See Burch Paragraph 0043-0044); and a synchronizing module operatively 

3 associated with the event handler to synchronize local credentials and remote credentials if the 

4 local and remote credentials are different from one another (See Burch Paragraph 0043-0044), 

5 but Burch failed to specifically disclose enumerating local credentials and remote credentials in 

6 response to the event notification, or wherein the event notification is at least one of the 

7 following: a logon event, a logout event, a lock event, and an unlock event. Burch did, however, 

8 disclose that the credential stores are directories (See Burch Paragraph 0022). 

9 Brovick teaches that Active Directory is a directory service, which provided replication 

10 of data between devices, as well as synchronization of the data between the devices in an Active 

1 1 Directory (See Brovick First Paragraph), and that in order to maintain synchronization between 

12 each copy of the directory, each update to a directory is provided with a USN which is compared 

13 with USNs in other devices to determine which updates need to be replicated (See Brovick 

14 "Keeping Track"). 

1 5 It would have been obvious to the ordinary person skilled in the art at the time of 

1 6 invention to employ the teachings of Brovick in the credential store system of Burch by utilizing 

17 Active Directory to provided the directory service and the synchronization between the 

1 8 credential stores. This would have been obvious because the ordinary person skilled in the art at 

1 9 the time of invention would have been motivated to provide quick and efficient directory 

20 services across the distributed credential store. 

2 1 Grambihler teaches that synchronization can be performed in response to logon and 

22 logoff events (Grambihler Summary of the Invention). 
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1 It would have been obvious to the ordinary person skilled in the art at the time of 

2 invention to have employed the teachings of Grambihler in the system of Brovick by performing 

3 the synchronization in response to logon and logoff events. This would have been obvious 

4 because the ordinary person skilled in the art would have been motivated to provide increased 

5 flexibility to the scheduling of the credential synchronization. 



6 Regarding claims 2 and 1 8, Burch, Brovick, and Grambihler taught that synchronizing 

7 the local credentials and the remote credentials is based on at least one time-stamp associated 

8 with the local credentials and at least one time-stamp associated with the remote credentials (See 

9 Brovick Conflict Resolution). 

1 0 Regarding claims 4 and 3 1 , while Burch, Brovick, and Grambihler did not specifically 

1 1 teach that the synchronizing included error handling, it was well known in the art of data 

12 transmission to include error handling, and therefore would have been obvious to the ordinary 

13 person skilled in the art at the time of invention to have done so. 

14 Regarding claims 5 and 20, Burch, Brovick, and Grambihler taught writing at least one of 

1 5 the local credentials to a remote credential cache (See Burch Paragraph 0056). 

16 Regarding claims 6 and 21, Burch, Brovick, and Grambihler taught writing at least one of 

17 the remote credentials to a local credential cache (See Burch Paragraph 0053). 

18 Regarding claims 7-8 and 22-23, while Burch, Brovick, and Grambihler taught that 

19 changes in local credentials are duplicated in the remote credential store, and vice versa, they 

20 failed to specifically disclose deleting remote credentials. However, addition and deletion of 

2 1 credentials in a credential store is well known, and would have been obvious to the ordinary 

22 person skilled in the art at the time of invention. This would have been obvious because the 
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1 ordinary person skilled in the art would have been motivated to have allowed flexibility in the 

2 authorizations granted within the system by allowing authorizations to be granted and taken 

3 away. 

4 Regarding claims 9 and 24, Burch, Brovick, and Grambihler taught modifying at least 

5 one of the local credentials at a local credential cache based on at least one of the remote 

6 credentials (See Burch Paragraph 0053). 

7 Regarding claims 10 and 25, Burch, Brovick, and Grambihler taught modifying at least 

8 one of the remote credentials at a remote credential cache based on at least one of the local 

9 credentials See Burch Paragraph 0056). 

10 Regarding claims 1 1 and 26, Burch, Brovick, and Grambihler taught updating a list of 

1 1 local credentials (See Brovick "Keeping Track"). 

12 Regarding claims 12 and 27, Burch, Brovick, and Grambihler taught updating a list of 

13 remote credentials (See Brovick "Keeping Track"). 

14 Regarding claims 13, and 29, Burch, Brovick, and Grambihler taught determining a state 

1 5 of the remote credentials dynamically (See Brovick "Intra-Site Replication" and "Inter-Site 

16 Replication"). 

17 Regarding claim 14, Burch, Brovick, and Grambihler taught maintaining a state file for 

18 the remote credentials (See Brovick "Keeping Track"). 

19 Regarding claim 15, Burch, Brovick, and Grambihler taught maintaining a state file for 

20 the local credentials (See Brovick "Keeping Track"). 
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1 Regarding claims 16 and 32, Burch, Brovick, and Grambihler taught resolving a conflict 

2 of state between the local credentials and the remote credentials (See Burch Paragraph 0044 and 

3 Brovick "Conflict Resolution"). 

4 Regarding claim 35, Burch, Brovick, and Grambihler taught that the credentials include 

5 at least one of the following: an encryption credential, a token, an asymmetric key pair, a 

6 symmetric key, a digital certificate, an XrML license, an authentication credential, an 

7 authorization credential (See Burch Paragraphs 0022-0024). 

8 Regarding claim 36, Burch, Brovick, and Grambihler taught that a local store manager to 

9 enumerate the local credentials for the synchronizing module (See Brovick "Keeping Track"). 

10 Regarding claim 37, Burch, Brovick, and Grambihler taught that a remote store manager 

11 to enumerate the remote credentials for the synchronizing module (See Brovick "Keeping 

12 Track"). 

13 Regarding claim 38, Burch, Brovick, and Grambihler taught that the local credentials are 

14 stored in a local cache (See Biirch Paragraph 0053). 

1 5 Regarding claim 39, Burch, Brovick, and Grambihler taught that the local credentials are 

16 stored in a local cache provided at any number (n) of clients (See Burch Paragraph 0053). 

1 7 Regarding claim 40, Burch, Brovick, and Grambihler taught that the local credentials are 

1 8 encrj^ted using a master key (See Burch Paragraph 0025). 

19 Regarding claim 41, Burch, Brovick, and Grambihler taught that the remote credentials 

20 are stored in a remote cache (See Burch Paragraph 0056). 

2 1 Regarding claim 42, Burch, Brovick, and Grambihler taught that the local credentials are 

22 stored in a remote cache provided at any number (n) of hosts (see Burch Paragraph 0056). 
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1 Regarding claim 43, Burch, Brovick, and Grambihler taught that the remote credentials 

2 are maintained by a remote directory service (See Burch Paragraphs 0022 and 0056). 

3 Regarding claim 44, Burch, Brovick, and Grambihler taught that the remote credentials 

4 are encrypted (See Burch Paragraph 0025). 

5 Claims 3 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over the 

6 combination of Burch, Brovick, and Grambihler as applied to claims 1 and 17 above, and further 

7 in view of Yianilos et al. (US Patent Application Publication 2002/0029214) hereinafter referred 

8 to as Yianilos. 

9 Burch, Brovick, and Grambihler disclosed detection of changes between local and remote 

10 credentials, but failed to disclose that the synchronizing was based on a comparison of hash 

1 1 values. 

12 Yianilos teaches an altemative method for detecting differences between entries in a 

13 synchronization system which involves generating a hash for the local data and a hash for the 

14 remote data, and comparing the hashes, wherein if the hashes are different then a change has 

1 5 been detected and synchronization is required (See Yianilos Paragraphs 0083 - 0084). 

16 It would have been obvious to the ordinary person skilled in the art at the time of 



17 invention to employ the teachings of Yianilos in the synchronization system of Burch, Brovick, 

1 8 and Grambihler by detecting changes by comparing hashes of the local and remote credential 

19 stores. This would have been obvious because the ordinary person skilled in the art would have 

20 been motivated to minimize the network traffic generated by the synchronization. 

21 Conclusion 

11 Claims 1-27, 29, 3 1-33, and 35-47 have been rejected. 
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1 Any inquiry concerning this communication or earlier communications from the 

2 examiner should be directed to MATTHEW T. HENNING whose telephone number is 

3 (571)272-3790. The examiner can normally be reached on M-F 8-4. 

4 If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 

5 supervisor, William Korzuch can be reached on (571)272-7589. The fax phone number for the 

6 organization where this application or proceeding is assigned is 571-273-8300. 

7 Information regarding the status of an application may be obtained from the Patent 

8 Application Information Retrieval (PAIR) system. Status information for published applications 

9 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

1 0 applications is available through Private PAIR only. For more information about the PAIR 

1 1 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

12 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

13 like assistance from a USPTO Customer Service Representative or access to the automated 

1 4 information system, call 800-786-9 1 99 (IN USA OR CANADA) or 57 1 -272- 1 000. 
15 

16 

1 7 /Matthew T Henning/ 

1 8 Examiner, Art Unit 243 1 
19 



